Neviem sa zbaviť vírusu

[qer509]

Dobrý deň... Od včera mi začali naskakovať popupy v Chrome tak som ako klasicky vyskúšal nástroje na odstránenie vírusov. Skúšal som nástroj na vyčistenie chromu, skúšal som TDSKiller, Zemana, Malware-bytes, JRT, Hitman, Rkill, ADWcleaner, Emsisoft emergency kit, TSA adware removal tool, aj keď niečo našlo stále to nevyriešilo môj problém a keďže už neviem čo mám robiť tak sa obraciam na vás.
TSA našiel toto, ale nič viac sa nenašlo. Po vyčistení sa nič nedeje.


FRST:

https://www.dropbox.com/s/s97kkqzvizrtzph/FRST.zip?dl=1

RSIT:
https://www.dropbox.com/s/3933vhcnaz5d46s/rsit.zip?dl=1

DDS:

https://www.dropbox.com/s/xtk15416vyau8rf/dds.zip?dl=1

Ďakujem.

[Rudy]

Zdravím!
Nálezy ADW smažte. Log FRST je před smazáním nálezů FRST, že? Pak dejte nový po té, co budou nálezy ADW smazány.

[qer509]

To už je log po vyčistení týmto programom.

[Rudy]

OK. Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
SearchScopes: HKU\S-1-5-21-1950568586-686396476-2031099585-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U3 iswSvc; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\cmdres.dll
C:\Users\Public\VOIP.dat
CustomCLSID: HKU\S-1-5-21-1950568586-686396476-2031099585-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Števo\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1950568586-686396476-2031099585-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Števo\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1950568586-686396476-2031099585-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Števo\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File

EmptyTemp:
End

Uložte do D:\Software\Anti-Malware jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[qer509]

Hotovo.


Fix result of Farbar Recovery Scan Tool (x64) Version: 06-05-2017
Ran by Števo (06-05-2017 21:52:27) Run:1
Running from D:\Software\Anti-Malware
Loaded Profiles: Števo (Available Profiles: Števo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
SearchScopes: HKU\S-1-5-21-1950568586-686396476-2031099585-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
U3 iswSvc; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\cmdres.dll
C:\Users\Public\VOIP.dat
CustomCLSID: HKU\S-1-5-21-1950568586-686396476-2031099585-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\�tevo\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1950568586-686396476-2031099585-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\�tevo\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1950568586-686396476-2031099585-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\�tevo\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => No File

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-1950568586-686396476-2031099585-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\System\CurrentControlSet\Services\iswSvc => key removed successfully
iswSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\ZAM => key removed successfully
ZAM => service removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\ProgramData\cmdres.dll => moved successfully
C:\Users\Public\VOIP.dat => moved successfully
HKU\S-1-5-21-1950568586-686396476-2031099585-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key removed successfully
HKU\S-1-5-21-1950568586-686396476-2031099585-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key removed successfully
HKU\S-1-5-21-1950568586-686396476-2031099585-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 271050610 B
Java, Flash, Steam htmlcache => 714 B
Windows/system/drivers => 9555465 B
Edge => 7585772 B
Chrome => 297900555 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 17194 B
NetworkService => 1684 B
Števo => 396252556 B

RecycleBin => 6471685 B
EmptyTemp: => 950.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:53:43 ====

[Rudy]

Smazáno. Nastala nějaká změna?

[qer509]

Reklamy prestali vyskakovať... aspoň zatiaľ som nič nespozoroval.
Ďakujem veľmi pekne... ja som sa s tým babral celý deň a nič nepomohlo a hľa

[Rudy]

Nemáte zač!